Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system services in compact single-box packages, delivering a wide array of features to match the security and compliance needs of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances allow IT security staffs to defend their network edge and offer safe remote connectivity while utilizing advanced administration tools built on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX 500 firewalls have arrived at end-of-life (EOL) but are still commonly used in small and mid-size organizations and in some enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high degree of protection by supplying multiple features such as firewall, VPN, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system. Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-premier network engineers can assist you to maintain and debug legacy ASA 5500 and PIX 500 firewalls and can also assist you to plan and carry out an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also help you to design, configure, tune, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an improved substitute for each rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X model targets the same market as the associated earlier models, which offers small and midsize businesses plenty of choice for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X family deliver consistent protection across any combination of physical, virtual, and cloud environments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, see Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which offer layered protection against sophisticated threats. Cisco's Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, apps, and content to discover attacks that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA firewalls provide multi-layered security
Simpler deployments of ASA firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes an easy-to-use web console for deploying, administering, and debugging ASA 5500-X appliances and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be managed with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center offers features beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Extra features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that provides dynamic infrastructure visualization, automated policy optimization based on risk evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 firewall, Cisco's IPS 4200 family Intrusion Prevention System, and the VPN 3000 family concentrator. These solutions enable the Cisco ASA Firewall product line to deliver a firewall that stops the broadest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application protection, network containment, and clean VPN connectivity across Cisco's product line. This breadth of security allows the guarding of any network area, including the most typical attack conduits such as remote sites, LAN-attached inside users, and off-site connected VPNs.
The scalable architecture of the ASA 5500 family allows you to add security services via security service modules (SSMs) and security service cards (SSCs). These user-installable options give you the ability to add Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and executing data and web filtering. In addition to allowing your IT staff to react quickly to the latest threat vectors, the expandable design of the Cisco ASA 5500 family also protects your capital investment by increasing the life of your security appliances. The ASA 5500 Series also protects your investment in administrative team education by supporting the rich set of PIX security management tools and protocols such as the Cisco ASDM platform, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA 5500 Series firewalls deliver robust application protection via smart, application-aware inspection engines that examine network flows at Layers 4-7. The result is a safer environment covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to provide stronger policing of the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack detection and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and tunneling applications, allowing businesses to enforce usage policies and free up bandwidth for critical business processes.
For more information about Progent's support services for ASA 5500 firewalls, see ASA 5500 firewalls integration and troubleshooting consulting.
Cisco PIX Firewall Appliances
Built upon a hardened, purpose-built software platform that delivers a wealth of security services, Cisco PIX firewall appliances provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide protection for a wide range of VoIP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and MGCP, helping organizations to protect installations of a broad array of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX security appliances offer a variety of setup, tracking, and analysis features, providing IT managers the versatility to utilize the methods that most closely meet their requirements. Administrative solutions include centralized, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-accessible management solution that greatly simplifies the installation, in-place modification, and tracking of a single Cisco PIX firewall appliance without requiring any extra software other than an ordinary browser and Java applet to be running on a manager's computer.
Administrators can furthermore remotely set up, monitor, and troubleshoot PIX security appliances using a command-line interface (CLI). Safe command-line interface (CLI) access is available using a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also include dependable auto-update features, a collection of advanced protected remote-administration services that make sure that security settings and software images/ are always up to date.
For more information about Progent's support services for PIX security appliances, visit PIX 500 firewalls configuration and troubleshooting support.
Progent's PIX to ASA Migration Consulting
Since Cisco has ceased selling the PIX family of firewalls, many businesses are uncomfortable with depending on a critical infrastructure component that might no longer be supported by Cisco. ASA 5500 firewalls offer the advantage of being current products and also offer a number of technical and budgetary benefits in comparison to PIX devices. These benefits include significantly better throughput, optional SSL tunneling support, and a modular design that protects your investment by enabling you to self-install more security services when and if you require them. Progent's Cisco certified experts can assist you to assess the strategic value of for moving from PIX 500 to Cisco ASA 5500 security appliances, create a migration plan that allows for a quick and seamless upgrade, help your IT staff to deploy new ASA 5500 firewalls, and offer online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options which give you the flexibility to set up these firewalls to match your company's needs. Progent's CCIE authorized network consultants can help you to and support an efficient network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers world-class protection, resilience, throughput, and manageability. Progent's GISA and CISM-premier information security experts can help your business to create a security policy that makes sense for your situation and can configure your security appliance to support your security strategy. Progent's security assessment consultants can evaluate the effectiveness of your existing firewall solution and help determine the overall security of your entire information system environment. Progentís Help Desk Call Center can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.
To see more information about Progent's consulting help for Cisco solutions, pick a topic:
For more details concerning Progent's professional support for Cisco networking products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about consulting assistance for Cisco products, phone 1-800-993-9400 or see Contact Progent.